2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 /****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34 ****************************************************************************/
36 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
41 return se_access_check(sd,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
47 /****************************************************************************
48 Check if we have open rights.
49 ****************************************************************************/
51 static NTSTATUS check_open_rights(struct connection_struct *conn,
55 /* Check if we have rights to open. */
57 uint32_t access_granted = 0;
58 struct security_descriptor *sd;
60 status = SMB_VFS_GET_NT_ACL(conn, fname,
61 (OWNER_SECURITY_INFORMATION |
62 GROUP_SECURITY_INFORMATION |
63 DACL_SECURITY_INFORMATION),&sd);
65 if (!NT_STATUS_IS_OK(status)) {
66 DEBUG(10, ("check_open_rights: Could not get acl "
73 status = smb1_file_se_access_check(sd,
74 conn->server_info->ptok,
82 /****************************************************************************
83 fd support routines - attempt to do a dos_open.
84 ****************************************************************************/
86 static NTSTATUS fd_open(struct connection_struct *conn,
92 NTSTATUS status = NT_STATUS_OK;
96 * Never follow symlinks on a POSIX client. The
97 * client should be doing this.
100 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
105 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
106 if (fsp->fh->fd == -1) {
107 status = map_nt_error_from_unix(errno);
110 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
111 fname, flags, (int)mode, fsp->fh->fd,
112 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
117 /****************************************************************************
118 Close the file associated with a fsp.
119 ****************************************************************************/
121 NTSTATUS fd_close(files_struct *fsp)
125 if (fsp->fh->fd == -1) {
126 return NT_STATUS_OK; /* What we used to call a stat open. */
128 if (fsp->fh->ref_count > 1) {
129 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
132 ret = SMB_VFS_CLOSE(fsp);
135 return map_nt_error_from_unix(errno);
140 /****************************************************************************
141 Change the ownership of a file to that of the parent directory.
142 Do this by fd if possible.
143 ****************************************************************************/
145 static void change_file_owner_to_parent(connection_struct *conn,
146 const char *inherit_from_dir,
149 SMB_STRUCT_STAT parent_st;
152 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
154 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
155 "directory %s. Error was %s\n",
156 inherit_from_dir, strerror(errno) ));
161 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
164 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
165 "file %s to parent directory uid %u. Error "
166 "was %s\n", fsp->fsp_name,
167 (unsigned int)parent_st.st_uid,
171 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
172 "parent directory uid %u.\n", fsp->fsp_name,
173 (unsigned int)parent_st.st_uid ));
176 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
177 const char *inherit_from_dir,
179 SMB_STRUCT_STAT *psbuf)
181 char *saved_dir = NULL;
182 SMB_STRUCT_STAT sbuf;
183 SMB_STRUCT_STAT parent_st;
184 TALLOC_CTX *ctx = talloc_tos();
185 NTSTATUS status = NT_STATUS_OK;
188 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
190 status = map_nt_error_from_unix(errno);
191 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
192 "directory %s. Error was %s\n",
193 inherit_from_dir, strerror(errno) ));
197 /* We've already done an lstat into psbuf, and we know it's a
198 directory. If we can cd into the directory and the dev/ino
199 are the same then we can safely chown without races as
200 we're locking the directory in place by being in it. This
201 should work on any UNIX (thanks tridge :-). JRA.
204 saved_dir = vfs_GetWd(ctx,conn);
206 status = map_nt_error_from_unix(errno);
207 DEBUG(0,("change_dir_owner_to_parent: failed to get "
208 "current working directory. Error was %s\n",
213 /* Chdir into the new path. */
214 if (vfs_ChDir(conn, fname) == -1) {
215 status = map_nt_error_from_unix(errno);
216 DEBUG(0,("change_dir_owner_to_parent: failed to change "
217 "current working directory to %s. Error "
218 "was %s\n", fname, strerror(errno) ));
222 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
223 status = map_nt_error_from_unix(errno);
224 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
225 "directory '.' (%s) Error was %s\n",
226 fname, strerror(errno)));
230 /* Ensure we're pointing at the same place. */
231 if (sbuf.st_dev != psbuf->st_dev ||
232 sbuf.st_ino != psbuf->st_ino ||
233 sbuf.st_mode != psbuf->st_mode ) {
234 DEBUG(0,("change_dir_owner_to_parent: "
235 "device/inode/mode on directory %s changed. "
236 "Refusing to chown !\n", fname ));
237 status = NT_STATUS_ACCESS_DENIED;
242 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
245 status = map_nt_error_from_unix(errno);
246 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
247 "directory %s to parent directory uid %u. "
248 "Error was %s\n", fname,
249 (unsigned int)parent_st.st_uid, strerror(errno) ));
253 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
254 "directory %s to parent directory uid %u.\n",
255 fname, (unsigned int)parent_st.st_uid ));
259 vfs_ChDir(conn,saved_dir);
263 /****************************************************************************
265 ****************************************************************************/
267 static NTSTATUS open_file(files_struct *fsp,
268 connection_struct *conn,
269 struct smb_request *req,
270 const char *parent_dir,
273 SMB_STRUCT_STAT *psbuf,
276 uint32 access_mask, /* client requested access mask. */
277 uint32 open_access_mask) /* what we're actually using in the open. */
279 NTSTATUS status = NT_STATUS_OK;
280 int accmode = (flags & O_ACCMODE);
281 int local_flags = flags;
282 bool file_existed = VALID_STAT(*psbuf);
287 /* Check permissions */
290 * This code was changed after seeing a client open request
291 * containing the open mode of (DENY_WRITE/read-only) with
292 * the 'create if not exist' bit set. The previous code
293 * would fail to open the file read only on a read-only share
294 * as it was checking the flags parameter directly against O_RDONLY,
295 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
299 if (!CAN_WRITE(conn)) {
300 /* It's a read-only share - fail if we wanted to write. */
301 if(accmode != O_RDONLY) {
302 DEBUG(3,("Permission denied opening %s\n", path));
303 return NT_STATUS_ACCESS_DENIED;
304 } else if(flags & O_CREAT) {
305 /* We don't want to write - but we must make sure that
306 O_CREAT doesn't create the file if we have write
307 access into the directory.
310 local_flags &= ~O_CREAT;
315 * This little piece of insanity is inspired by the
316 * fact that an NT client can open a file for O_RDONLY,
317 * but set the create disposition to FILE_EXISTS_TRUNCATE.
318 * If the client *can* write to the file, then it expects to
319 * truncate the file, even though it is opening for readonly.
320 * Quicken uses this stupid trick in backup file creation...
321 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
322 * for helping track this one down. It didn't bite us in 2.0.x
323 * as we always opened files read-write in that release. JRA.
326 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
327 DEBUG(10,("open_file: truncate requested on read-only open "
328 "for file %s\n", path));
329 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
332 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
333 (!file_existed && (local_flags & O_CREAT)) ||
334 ((local_flags & O_TRUNC) == O_TRUNC) ) {
338 * We can't actually truncate here as the file may be locked.
339 * open_file_ntcreate will take care of the truncate later. JRA.
342 local_flags &= ~O_TRUNC;
344 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
346 * We would block on opening a FIFO with no one else on the
347 * other end. Do what we used to do and add O_NONBLOCK to the
351 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
352 local_flags |= O_NONBLOCK;
356 /* Don't create files with Microsoft wildcard characters. */
359 * wildcard characters are allowed in stream names
360 * only test the basefilename
362 wild = fsp->base_fsp->fsp_name;
366 if ((local_flags & O_CREAT) && !file_existed &&
368 return NT_STATUS_OBJECT_NAME_INVALID;
371 /* Actually do the open */
372 status = fd_open(conn, path, fsp, local_flags, unx_mode);
373 if (!NT_STATUS_IS_OK(status)) {
374 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
376 path,nt_errstr(status),local_flags,flags));
380 if ((local_flags & O_CREAT) && !file_existed) {
382 /* Inherit the ACL if required */
383 if (lp_inherit_perms(SNUM(conn))) {
384 inherit_access_posix_acl(conn, parent_dir, path,
388 /* Change the owner if required. */
389 if (lp_inherit_owner(SNUM(conn))) {
390 change_file_owner_to_parent(conn, parent_dir,
394 notify_fname(conn, NOTIFY_ACTION_ADDED,
395 FILE_NOTIFY_CHANGE_FILE_NAME, path);
399 fsp->fh->fd = -1; /* What we used to call a stat open. */
401 status = check_open_rights(conn,
404 if (!NT_STATUS_IS_OK(status)) {
405 DEBUG(10, ("open_file: Access denied on "
416 if (fsp->fh->fd == -1) {
417 ret = SMB_VFS_STAT(conn, path, psbuf);
419 ret = SMB_VFS_FSTAT(fsp, psbuf);
420 /* If we have an fd, this stat should succeed. */
422 DEBUG(0,("Error doing fstat on open file %s "
423 "(%s)\n", path,strerror(errno) ));
427 /* For a non-io open, this stat failing means file not found. JRA */
429 status = map_nt_error_from_unix(errno);
436 * POSIX allows read-only opens of directories. We don't
437 * want to do this (we use a different code path for this)
438 * so catch a directory open and return an EISDIR. JRA.
441 if(S_ISDIR(psbuf->st_mode)) {
444 return NT_STATUS_FILE_IS_A_DIRECTORY;
447 fsp->mode = psbuf->st_mode;
448 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
449 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
450 fsp->file_pid = req ? req->smbpid : 0;
451 fsp->can_lock = True;
452 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
453 if (!CAN_WRITE(conn)) {
454 fsp->can_write = False;
456 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
459 fsp->print_file = False;
460 fsp->modified = False;
461 fsp->sent_oplock_break = NO_BREAK_SENT;
462 fsp->is_directory = False;
463 if (conn->aio_write_behind_list &&
464 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
465 fsp->aio_write_behind = True;
468 string_set(&fsp->fsp_name, path);
469 fsp->wcp = NULL; /* Write cache pointer. */
471 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
472 conn->server_info->unix_name,
474 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
475 conn->num_files_open));
481 /*******************************************************************
482 Return True if the filename is one of the special executable types.
483 ********************************************************************/
485 static bool is_executable(const char *fname)
487 if ((fname = strrchr_m(fname,'.'))) {
488 if (strequal(fname,".com") ||
489 strequal(fname,".dll") ||
490 strequal(fname,".exe") ||
491 strequal(fname,".sym")) {
498 /****************************************************************************
499 Check if we can open a file with a share mode.
500 Returns True if conflict, False if not.
501 ****************************************************************************/
503 static bool share_conflict(struct share_mode_entry *entry,
507 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
508 "entry->share_access = 0x%x, "
509 "entry->private_options = 0x%x\n",
510 (unsigned int)entry->access_mask,
511 (unsigned int)entry->share_access,
512 (unsigned int)entry->private_options));
514 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
515 (unsigned int)access_mask, (unsigned int)share_access));
517 if ((entry->access_mask & (FILE_WRITE_DATA|
521 DELETE_ACCESS)) == 0) {
522 DEBUG(10,("share_conflict: No conflict due to "
523 "entry->access_mask = 0x%x\n",
524 (unsigned int)entry->access_mask ));
528 if ((access_mask & (FILE_WRITE_DATA|
532 DELETE_ACCESS)) == 0) {
533 DEBUG(10,("share_conflict: No conflict due to "
534 "access_mask = 0x%x\n",
535 (unsigned int)access_mask ));
539 #if 1 /* JRA TEST - Superdebug. */
540 #define CHECK_MASK(num, am, right, sa, share) \
541 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
542 (unsigned int)(num), (unsigned int)(am), \
543 (unsigned int)(right), (unsigned int)(am)&(right) )); \
544 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
545 (unsigned int)(num), (unsigned int)(sa), \
546 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
547 if (((am) & (right)) && !((sa) & (share))) { \
548 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
549 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
550 (unsigned int)(share) )); \
554 #define CHECK_MASK(num, am, right, sa, share) \
555 if (((am) & (right)) && !((sa) & (share))) { \
556 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
557 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
558 (unsigned int)(share) )); \
563 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
564 share_access, FILE_SHARE_WRITE);
565 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
566 entry->share_access, FILE_SHARE_WRITE);
568 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
569 share_access, FILE_SHARE_READ);
570 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
571 entry->share_access, FILE_SHARE_READ);
573 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
574 share_access, FILE_SHARE_DELETE);
575 CHECK_MASK(6, access_mask, DELETE_ACCESS,
576 entry->share_access, FILE_SHARE_DELETE);
578 DEBUG(10,("share_conflict: No conflict.\n"));
582 #if defined(DEVELOPER)
583 static void validate_my_share_entries(int num,
584 struct share_mode_entry *share_entry)
588 if (!procid_is_me(&share_entry->pid)) {
592 if (is_deferred_open_entry(share_entry) &&
593 !open_was_deferred(share_entry->op_mid)) {
594 char *str = talloc_asprintf(talloc_tos(),
595 "Got a deferred entry without a request: "
597 share_mode_str(talloc_tos(), num, share_entry));
601 if (!is_valid_share_mode_entry(share_entry)) {
605 fsp = file_find_dif(share_entry->id,
606 share_entry->share_file_id);
608 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
609 share_mode_str(talloc_tos(), num, share_entry) ));
610 smb_panic("validate_my_share_entries: Cannot match a "
611 "share entry with an open file\n");
614 if (is_deferred_open_entry(share_entry) ||
615 is_unused_share_mode_entry(share_entry)) {
619 if ((share_entry->op_type == NO_OPLOCK) &&
620 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
621 /* Someone has already written to it, but I haven't yet
626 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
635 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
636 share_mode_str(talloc_tos(), num, share_entry) ));
637 str = talloc_asprintf(talloc_tos(),
638 "validate_my_share_entries: "
639 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
640 fsp->fsp_name, (unsigned int)fsp->oplock_type,
641 (unsigned int)share_entry->op_type );
647 static bool is_stat_open(uint32 access_mask)
649 return (access_mask &&
650 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
651 FILE_WRITE_ATTRIBUTES))==0) &&
652 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
653 FILE_WRITE_ATTRIBUTES)) != 0));
656 /****************************************************************************
657 Deal with share modes
658 Invarient: Share mode must be locked on entry and exit.
659 Returns -1 on error, or number of share modes on success (may be zero).
660 ****************************************************************************/
662 static NTSTATUS open_mode_check(connection_struct *conn,
664 struct share_mode_lock *lck,
667 uint32 create_options,
672 if(lck->num_share_modes == 0) {
676 *file_existed = True;
678 /* A delete on close prohibits everything */
680 if (lck->delete_on_close) {
681 return NT_STATUS_DELETE_PENDING;
684 if (is_stat_open(access_mask)) {
685 /* Stat open that doesn't trigger oplock breaks or share mode
686 * checks... ! JRA. */
691 * Check if the share modes will give us access.
694 #if defined(DEVELOPER)
695 for(i = 0; i < lck->num_share_modes; i++) {
696 validate_my_share_entries(i, &lck->share_modes[i]);
700 if (!lp_share_modes(SNUM(conn))) {
704 /* Now we check the share modes, after any oplock breaks. */
705 for(i = 0; i < lck->num_share_modes; i++) {
707 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
711 /* someone else has a share lock on it, check to see if we can
713 if (share_conflict(&lck->share_modes[i],
714 access_mask, share_access)) {
715 return NT_STATUS_SHARING_VIOLATION;
722 static bool is_delete_request(files_struct *fsp) {
723 return ((fsp->access_mask == DELETE_ACCESS) &&
724 (fsp->oplock_type == NO_OPLOCK));
728 * Send a break message to the oplock holder and delay the open for
732 static NTSTATUS send_break_message(files_struct *fsp,
733 struct share_mode_entry *exclusive,
738 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
740 DEBUG(10, ("Sending break request to PID %s\n",
741 procid_str_static(&exclusive->pid)));
742 exclusive->op_mid = mid;
744 /* Create the message. */
745 share_mode_entry_to_message(msg, exclusive);
747 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
748 don't want this set in the share mode struct pointed to by lck. */
750 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
751 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
754 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
755 MSG_SMB_BREAK_REQUEST,
757 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
758 if (!NT_STATUS_IS_OK(status)) {
759 DEBUG(3, ("Could not send oplock break message: %s\n",
767 * 1) No files open at all or internal open: Grant whatever the client wants.
769 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
770 * request, break if the oplock around is a batch oplock. If it's another
771 * requested access type, break.
773 * 3) Only level2 around: Grant level2 and do nothing else.
776 static bool delay_for_oplocks(struct share_mode_lock *lck,
782 extern uint32 global_client_caps;
784 struct share_mode_entry *exclusive = NULL;
785 bool valid_entry = false;
786 bool have_level2 = false;
787 bool have_a_none_oplock = false;
788 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
789 lp_level2_oplocks(SNUM(fsp->conn));
791 if (oplock_request & INTERNAL_OPEN_ONLY) {
792 fsp->oplock_type = NO_OPLOCK;
795 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
799 for (i=0; i<lck->num_share_modes; i++) {
801 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
805 /* At least one entry is not an invalid or deferred entry. */
808 if (pass_number == 1) {
809 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
810 SMB_ASSERT(exclusive == NULL);
811 exclusive = &lck->share_modes[i];
814 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
815 SMB_ASSERT(exclusive == NULL);
816 exclusive = &lck->share_modes[i];
820 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
821 SMB_ASSERT(exclusive == NULL);
825 if (lck->share_modes[i].op_type == NO_OPLOCK) {
826 have_a_none_oplock = true;
830 if (exclusive != NULL) { /* Found an exclusive oplock */
831 bool delay_it = is_delete_request(fsp) ?
832 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
833 SMB_ASSERT(!have_level2);
835 send_break_message(fsp, exclusive, mid, oplock_request);
841 * Match what was requested (fsp->oplock_type) with
842 * what was found in the existing share modes.
846 /* All entries are placeholders or deferred.
847 * Directly grant whatever the client wants. */
848 if (fsp->oplock_type == NO_OPLOCK) {
849 /* Store a level2 oplock, but don't tell the client */
850 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
852 } else if (have_a_none_oplock) {
853 fsp->oplock_type = NO_OPLOCK;
854 } else if (have_level2) {
855 if (fsp->oplock_type == NO_OPLOCK ||
856 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
857 /* Store a level2 oplock, but don't tell the client */
858 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
860 fsp->oplock_type = LEVEL_II_OPLOCK;
863 /* This case can never happen. */
868 * Don't grant level2 to clients that don't want them
869 * or if we've turned them off.
871 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
872 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
875 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
876 fsp->oplock_type, fsp->fsp_name));
882 static bool request_timed_out(struct timeval request_time,
883 struct timeval timeout)
885 struct timeval now, end_time;
887 end_time = timeval_sum(&request_time, &timeout);
888 return (timeval_compare(&end_time, &now) < 0);
891 /****************************************************************************
892 Handle the 1 second delay in returning a SHARING_VIOLATION error.
893 ****************************************************************************/
895 static void defer_open(struct share_mode_lock *lck,
896 struct timeval request_time,
897 struct timeval timeout,
898 struct smb_request *req,
899 struct deferred_open_record *state)
905 for (i=0; i<lck->num_share_modes; i++) {
906 struct share_mode_entry *e = &lck->share_modes[i];
908 if (!is_deferred_open_entry(e)) {
912 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
913 DEBUG(0, ("Trying to defer an already deferred "
914 "request: mid=%d, exiting\n", req->mid));
915 exit_server("attempt to defer a deferred request");
919 /* End paranoia check */
921 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
922 "open entry for mid %u\n",
923 (unsigned int)request_time.tv_sec,
924 (unsigned int)request_time.tv_usec,
925 (unsigned int)req->mid));
927 if (!push_deferred_smb_message(req, request_time, timeout,
928 (char *)state, sizeof(*state))) {
929 exit_server("push_deferred_smb_message failed");
931 add_deferred_open(lck, req->mid, request_time, state->id);
934 * Push the MID of this packet on the signing queue.
935 * We only do this once, the first time we push the packet
936 * onto the deferred open queue, as this has a side effect
937 * of incrementing the response sequence number.
940 srv_defer_sign_response(req->mid);
944 /****************************************************************************
945 On overwrite open ensure that the attributes match.
946 ****************************************************************************/
948 static bool open_match_attributes(connection_struct *conn,
952 mode_t existing_unx_mode,
954 mode_t *returned_unx_mode)
956 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
958 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
959 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
961 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
962 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
963 *returned_unx_mode = new_unx_mode;
965 *returned_unx_mode = (mode_t)0;
968 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
969 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
970 "returned_unx_mode = 0%o\n",
972 (unsigned int)old_dos_attr,
973 (unsigned int)existing_unx_mode,
974 (unsigned int)new_dos_attr,
975 (unsigned int)*returned_unx_mode ));
977 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
978 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
979 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
980 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
984 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
985 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
986 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
993 /****************************************************************************
994 Special FCB or DOS processing in the case of a sharing violation.
995 Try and find a duplicated file handle.
996 ****************************************************************************/
998 static NTSTATUS fcb_or_dos_open(connection_struct *conn,
999 files_struct *fsp_to_dup_into,
1005 uint32 share_access,
1006 uint32 create_options)
1010 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1011 "file %s.\n", fname ));
1013 for(fsp = file_find_di_first(id); fsp;
1014 fsp = file_find_di_next(fsp)) {
1016 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1017 "vuid = %u, file_pid = %u, private_options = 0x%x "
1018 "access_mask = 0x%x\n", fsp->fsp_name,
1019 fsp->fh->fd, (unsigned int)fsp->vuid,
1020 (unsigned int)fsp->file_pid,
1021 (unsigned int)fsp->fh->private_options,
1022 (unsigned int)fsp->access_mask ));
1024 if (fsp->fh->fd != -1 &&
1025 fsp->vuid == vuid &&
1026 fsp->file_pid == file_pid &&
1027 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1028 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1029 (fsp->access_mask & FILE_WRITE_DATA) &&
1030 strequal(fsp->fsp_name, fname)) {
1031 DEBUG(10,("fcb_or_dos_open: file match\n"));
1037 return NT_STATUS_NOT_FOUND;
1040 /* quite an insane set of semantics ... */
1041 if (is_executable(fname) &&
1042 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1043 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1044 return NT_STATUS_INVALID_PARAMETER;
1047 /* We need to duplicate this fsp. */
1048 dup_file_fsp(fsp, access_mask, share_access,
1049 create_options, fsp_to_dup_into);
1051 return NT_STATUS_OK;
1054 /****************************************************************************
1055 Open a file with a share mode - old openX method - map into NTCreate.
1056 ****************************************************************************/
1058 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1059 uint32 *paccess_mask,
1060 uint32 *pshare_mode,
1061 uint32 *pcreate_disposition,
1062 uint32 *pcreate_options)
1066 uint32 create_disposition;
1067 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1069 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1070 "open_func = 0x%x\n",
1071 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1073 /* Create the NT compatible access_mask. */
1074 switch (GET_OPENX_MODE(deny_mode)) {
1075 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1076 case DOS_OPEN_RDONLY:
1077 access_mask = FILE_GENERIC_READ;
1079 case DOS_OPEN_WRONLY:
1080 access_mask = FILE_GENERIC_WRITE;
1084 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1087 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1088 (unsigned int)GET_OPENX_MODE(deny_mode)));
1092 /* Create the NT compatible create_disposition. */
1093 switch (open_func) {
1094 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1095 create_disposition = FILE_CREATE;
1098 case OPENX_FILE_EXISTS_OPEN:
1099 create_disposition = FILE_OPEN;
1102 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1103 create_disposition = FILE_OPEN_IF;
1106 case OPENX_FILE_EXISTS_TRUNCATE:
1107 create_disposition = FILE_OVERWRITE;
1110 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1111 create_disposition = FILE_OVERWRITE_IF;
1115 /* From samba4 - to be confirmed. */
1116 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1117 create_disposition = FILE_CREATE;
1120 DEBUG(10,("map_open_params_to_ntcreate: bad "
1121 "open_func 0x%x\n", (unsigned int)open_func));
1125 /* Create the NT compatible share modes. */
1126 switch (GET_DENY_MODE(deny_mode)) {
1128 share_mode = FILE_SHARE_NONE;
1132 share_mode = FILE_SHARE_READ;
1136 share_mode = FILE_SHARE_WRITE;
1140 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1144 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1145 if (is_executable(fname)) {
1146 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1148 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1149 share_mode = FILE_SHARE_READ;
1151 share_mode = FILE_SHARE_NONE;
1157 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1158 share_mode = FILE_SHARE_NONE;
1162 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1163 (unsigned int)GET_DENY_MODE(deny_mode) ));
1167 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1168 "share_mode = 0x%x, create_disposition = 0x%x, "
1169 "create_options = 0x%x\n",
1171 (unsigned int)access_mask,
1172 (unsigned int)share_mode,
1173 (unsigned int)create_disposition,
1174 (unsigned int)create_options ));
1177 *paccess_mask = access_mask;
1180 *pshare_mode = share_mode;
1182 if (pcreate_disposition) {
1183 *pcreate_disposition = create_disposition;
1185 if (pcreate_options) {
1186 *pcreate_options = create_options;
1193 static void schedule_defer_open(struct share_mode_lock *lck,
1194 struct timeval request_time,
1195 struct smb_request *req)
1197 struct deferred_open_record state;
1199 /* This is a relative time, added to the absolute
1200 request_time value to get the absolute timeout time.
1201 Note that if this is the second or greater time we enter
1202 this codepath for this particular request mid then
1203 request_time is left as the absolute time of the *first*
1204 time this request mid was processed. This is what allows
1205 the request to eventually time out. */
1207 struct timeval timeout;
1209 /* Normally the smbd we asked should respond within
1210 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1211 * the client did, give twice the timeout as a safety
1212 * measure here in case the other smbd is stuck
1213 * somewhere else. */
1215 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1217 /* Nothing actually uses state.delayed_for_oplocks
1218 but it's handy to differentiate in debug messages
1219 between a 30 second delay due to oplock break, and
1220 a 1 second delay for share mode conflicts. */
1222 state.delayed_for_oplocks = True;
1225 if (!request_timed_out(request_time, timeout)) {
1226 defer_open(lck, request_time, timeout, req, &state);
1230 /****************************************************************************
1231 Work out what access_mask to use from what the client sent us.
1232 ****************************************************************************/
1234 static NTSTATUS calculate_access_mask(connection_struct *conn,
1237 uint32_t access_mask,
1238 uint32_t *access_mask_out)
1243 * Convert GENERIC bits to specific bits.
1246 se_map_generic(&access_mask, &file_generic_mapping);
1248 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1249 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1252 struct security_descriptor *sd;
1253 uint32_t access_granted = 0;
1255 status = SMB_VFS_GET_NT_ACL(conn, fname,
1256 (OWNER_SECURITY_INFORMATION |
1257 GROUP_SECURITY_INFORMATION |
1258 DACL_SECURITY_INFORMATION),&sd);
1260 if (!NT_STATUS_IS_OK(status)) {
1261 DEBUG(10, ("calculate_access_mask: Could not get acl "
1264 nt_errstr(status)));
1265 return NT_STATUS_ACCESS_DENIED;
1268 status = smb1_file_se_access_check(sd,
1269 conn->server_info->ptok,
1275 if (!NT_STATUS_IS_OK(status)) {
1276 DEBUG(10, ("calculate_access_mask: Access denied on "
1277 "file %s: when calculating maximum access\n",
1279 return NT_STATUS_ACCESS_DENIED;
1282 access_mask = access_granted;
1284 access_mask = FILE_GENERIC_ALL;
1288 *access_mask_out = access_mask;
1289 return NT_STATUS_OK;
1292 /****************************************************************************
1293 Open a file with a share mode. Passed in an already created files_struct *.
1294 ****************************************************************************/
1296 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1297 struct smb_request *req,
1299 SMB_STRUCT_STAT *psbuf,
1300 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1301 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1302 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1303 uint32 create_options, /* options such as delete on close. */
1304 uint32 new_dos_attributes, /* attributes used for new file. */
1305 int oplock_request, /* internal Samba oplock codes. */
1306 /* Information (FILE_EXISTS etc.) */
1312 bool file_existed = VALID_STAT(*psbuf);
1313 bool def_acl = False;
1314 bool posix_open = False;
1315 bool new_file_created = False;
1317 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1318 mode_t new_unx_mode = (mode_t)0;
1319 mode_t unx_mode = (mode_t)0;
1321 uint32 existing_dos_attributes = 0;
1322 struct pending_message_list *pml = NULL;
1323 struct timeval request_time = timeval_zero();
1324 struct share_mode_lock *lck = NULL;
1325 uint32 open_access_mask = access_mask;
1329 const char *newname;
1333 if (conn->printer) {
1335 * Printers are handled completely differently.
1336 * Most of the passed parameters are ignored.
1340 *pinfo = FILE_WAS_CREATED;
1343 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1345 return print_fsp_open(conn, fname, req->vuid, fsp, psbuf);
1348 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1350 return NT_STATUS_NO_MEMORY;
1353 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1355 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1356 new_dos_attributes = 0;
1358 /* We add aARCH to this as this mode is only used if the file is
1360 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1364 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1365 "access_mask=0x%x share_access=0x%x "
1366 "create_disposition = 0x%x create_options=0x%x "
1367 "unix mode=0%o oplock_request=%d\n",
1368 fname, new_dos_attributes, access_mask, share_access,
1369 create_disposition, create_options, unx_mode,
1372 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1373 DEBUG(0, ("No smb request but not an internal only open!\n"));
1374 return NT_STATUS_INTERNAL_ERROR;
1378 * Only non-internal opens can be deferred at all
1382 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1383 struct deferred_open_record *state =
1384 (struct deferred_open_record *)pml->private_data.data;
1386 /* Remember the absolute time of the original
1387 request with this mid. We'll use it later to
1388 see if this has timed out. */
1390 request_time = pml->request_time;
1392 /* Remove the deferred open entry under lock. */
1393 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1396 DEBUG(0, ("could not get share mode lock\n"));
1398 del_deferred_open_entry(lck, req->mid);
1402 /* Ensure we don't reprocess this message. */
1403 remove_deferred_open_smb_message(req->mid);
1406 status = check_name(conn, fname);
1407 if (!NT_STATUS_IS_OK(status)) {
1412 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1414 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1418 /* ignore any oplock requests if oplocks are disabled */
1419 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1420 IS_VETO_OPLOCK_PATH(conn, fname)) {
1421 /* Mask off everything except the private Samba bits. */
1422 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1425 /* this is for OS/2 long file names - say we don't support them */
1426 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1427 /* OS/2 Workplace shell fix may be main code stream in a later
1429 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1431 if (use_nt_status()) {
1432 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1434 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1437 switch( create_disposition ) {
1439 * Currently we're using FILE_SUPERSEDE as the same as
1440 * FILE_OVERWRITE_IF but they really are
1441 * different. FILE_SUPERSEDE deletes an existing file
1442 * (requiring delete access) then recreates it.
1444 case FILE_SUPERSEDE:
1445 /* If file exists replace/overwrite. If file doesn't
1447 flags2 |= (O_CREAT | O_TRUNC);
1450 case FILE_OVERWRITE_IF:
1451 /* If file exists replace/overwrite. If file doesn't
1453 flags2 |= (O_CREAT | O_TRUNC);
1457 /* If file exists open. If file doesn't exist error. */
1458 if (!file_existed) {
1459 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1460 "requested for file %s and file "
1461 "doesn't exist.\n", fname ));
1463 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1467 case FILE_OVERWRITE:
1468 /* If file exists overwrite. If file doesn't exist
1470 if (!file_existed) {
1471 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1472 "requested for file %s and file "
1473 "doesn't exist.\n", fname ));
1475 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1481 /* If file exists error. If file doesn't exist
1484 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1485 "requested for file %s and file "
1486 "already exists.\n", fname ));
1487 if (S_ISDIR(psbuf->st_mode)) {
1492 return map_nt_error_from_unix(errno);
1494 flags2 |= (O_CREAT|O_EXCL);
1498 /* If file exists open. If file doesn't exist
1504 return NT_STATUS_INVALID_PARAMETER;
1507 /* We only care about matching attributes on file exists and
1510 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1511 (create_disposition == FILE_OVERWRITE_IF))) {
1512 if (!open_match_attributes(conn, fname,
1513 existing_dos_attributes,
1514 new_dos_attributes, psbuf->st_mode,
1515 unx_mode, &new_unx_mode)) {
1516 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1517 "for file %s (%x %x) (0%o, 0%o)\n",
1518 fname, existing_dos_attributes,
1520 (unsigned int)psbuf->st_mode,
1521 (unsigned int)unx_mode ));
1523 return NT_STATUS_ACCESS_DENIED;
1527 status = calculate_access_mask(conn, fname, file_existed,
1530 if (!NT_STATUS_IS_OK(status)) {
1531 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1532 "on file %s returned %s\n",
1534 nt_errstr(status)));
1538 open_access_mask = access_mask;
1540 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1541 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1544 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1545 "access_mask=0x%x\n", fname, access_mask ));
1548 * Note that we ignore the append flag as append does not
1549 * mean the same thing under DOS and Unix.
1552 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1553 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1554 /* DENY_DOS opens are always underlying read-write on the
1555 file handle, no matter what the requested access mask
1557 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1558 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1568 * Currently we only look at FILE_WRITE_THROUGH for create options.
1572 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1577 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1581 if (!posix_open && !CAN_WRITE(conn)) {
1583 * We should really return a permission denied error if either
1584 * O_CREAT or O_TRUNC are set, but for compatibility with
1585 * older versions of Samba we just AND them out.
1587 flags2 &= ~(O_CREAT|O_TRUNC);
1591 * Ensure we can't write on a read-only share or file.
1594 if (flags != O_RDONLY && file_existed &&
1595 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1596 DEBUG(5,("open_file_ntcreate: write access requested for "
1597 "file %s on read only %s\n",
1598 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1600 return NT_STATUS_ACCESS_DENIED;
1603 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1604 fsp->share_access = share_access;
1605 fsp->fh->private_options = create_options;
1606 fsp->access_mask = open_access_mask; /* We change this to the
1607 * requested access_mask after
1608 * the open is done. */
1609 fsp->posix_open = posix_open;
1611 /* Ensure no SAMBA_PRIVATE bits can be set. */
1612 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1614 if (timeval_is_zero(&request_time)) {
1615 request_time = fsp->open_time;
1619 struct timespec old_write_time = get_mtimespec(psbuf);
1620 id = vfs_file_id_from_sbuf(conn, psbuf);
1622 lck = get_share_mode_lock(talloc_tos(), id,
1624 fname, &old_write_time);
1627 DEBUG(0, ("Could not get share mode lock\n"));
1628 return NT_STATUS_SHARING_VIOLATION;
1631 /* First pass - send break only on batch oplocks. */
1633 && delay_for_oplocks(lck, fsp, req->mid, 1,
1635 schedule_defer_open(lck, request_time, req);
1637 return NT_STATUS_SHARING_VIOLATION;
1640 /* Use the client requested access mask here, not the one we
1642 status = open_mode_check(conn, fname, lck,
1643 access_mask, share_access,
1644 create_options, &file_existed);
1646 if (NT_STATUS_IS_OK(status)) {
1647 /* We might be going to allow this open. Check oplock
1649 /* Second pass - send break for both batch or
1650 * exclusive oplocks. */
1652 && delay_for_oplocks(lck, fsp, req->mid, 2,
1654 schedule_defer_open(lck, request_time, req);
1656 return NT_STATUS_SHARING_VIOLATION;
1660 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1661 /* DELETE_PENDING is not deferred for a second */
1666 if (!NT_STATUS_IS_OK(status)) {
1667 uint32 can_access_mask;
1668 bool can_access = True;
1670 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1672 /* Check if this can be done with the deny_dos and fcb
1674 if (create_options &
1675 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1676 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1678 DEBUG(0, ("DOS open without an SMB "
1681 return NT_STATUS_INTERNAL_ERROR;
1684 /* Use the client requested access mask here,
1685 * not the one we open with. */
1686 status = fcb_or_dos_open(conn,
1696 if (NT_STATUS_IS_OK(status)) {
1699 *pinfo = FILE_WAS_OPENED;
1701 return NT_STATUS_OK;
1706 * This next line is a subtlety we need for
1707 * MS-Access. If a file open will fail due to share
1708 * permissions and also for security (access) reasons,
1709 * we need to return the access failed error, not the
1710 * share error. We can't open the file due to kernel
1711 * oplock deadlock (it's possible we failed above on
1712 * the open_mode_check()) so use a userspace check.
1715 if (flags & O_RDWR) {
1716 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1717 } else if (flags & O_WRONLY) {
1718 can_access_mask = FILE_WRITE_DATA;
1720 can_access_mask = FILE_READ_DATA;
1723 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1724 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1729 * If we're returning a share violation, ensure we
1730 * cope with the braindead 1 second delay.
1733 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1734 lp_defer_sharing_violations()) {
1735 struct timeval timeout;
1736 struct deferred_open_record state;
1739 /* this is a hack to speed up torture tests
1741 timeout_usecs = lp_parm_int(SNUM(conn),
1742 "smbd","sharedelay",
1743 SHARING_VIOLATION_USEC_WAIT);
1745 /* This is a relative time, added to the absolute
1746 request_time value to get the absolute timeout time.
1747 Note that if this is the second or greater time we enter
1748 this codepath for this particular request mid then
1749 request_time is left as the absolute time of the *first*
1750 time this request mid was processed. This is what allows
1751 the request to eventually time out. */
1753 timeout = timeval_set(0, timeout_usecs);
1755 /* Nothing actually uses state.delayed_for_oplocks
1756 but it's handy to differentiate in debug messages
1757 between a 30 second delay due to oplock break, and
1758 a 1 second delay for share mode conflicts. */
1760 state.delayed_for_oplocks = False;
1764 && !request_timed_out(request_time,
1766 defer_open(lck, request_time, timeout,
1774 * We have detected a sharing violation here
1775 * so return the correct error code
1777 status = NT_STATUS_SHARING_VIOLATION;
1779 status = NT_STATUS_ACCESS_DENIED;
1785 * We exit this block with the share entry *locked*.....
1789 SMB_ASSERT(!file_existed || (lck != NULL));
1792 * Ensure we pay attention to default ACLs on directories if required.
1795 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1796 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1800 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1801 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1802 (unsigned int)flags, (unsigned int)flags2,
1803 (unsigned int)unx_mode, (unsigned int)access_mask,
1804 (unsigned int)open_access_mask));
1807 * open_file strips any O_TRUNC flags itself.
1810 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1811 flags|flags2, unx_mode, access_mask,
1814 if (!NT_STATUS_IS_OK(fsp_open)) {
1821 if (!file_existed) {
1822 struct timespec old_write_time = get_mtimespec(psbuf);
1824 * Deal with the race condition where two smbd's detect the
1825 * file doesn't exist and do the create at the same time. One
1826 * of them will win and set a share mode, the other (ie. this
1827 * one) should check if the requested share mode for this
1828 * create is allowed.
1832 * Now the file exists and fsp is successfully opened,
1833 * fsp->dev and fsp->inode are valid and should replace the
1834 * dev=0,inode=0 from a non existent file. Spotted by
1835 * Nadav Danieli <nadavd@exanet.com>. JRA.
1840 lck = get_share_mode_lock(talloc_tos(), id,
1842 fname, &old_write_time);
1845 DEBUG(0, ("open_file_ntcreate: Could not get share "
1846 "mode lock for %s\n", fname));
1848 return NT_STATUS_SHARING_VIOLATION;
1851 /* First pass - send break only on batch oplocks. */
1853 && delay_for_oplocks(lck, fsp, req->mid, 1,
1855 schedule_defer_open(lck, request_time, req);
1858 return NT_STATUS_SHARING_VIOLATION;
1861 status = open_mode_check(conn, fname, lck,
1862 access_mask, share_access,
1863 create_options, &file_existed);
1865 if (NT_STATUS_IS_OK(status)) {
1866 /* We might be going to allow this open. Check oplock
1868 /* Second pass - send break for both batch or
1869 * exclusive oplocks. */
1871 && delay_for_oplocks(lck, fsp, req->mid, 2,
1873 schedule_defer_open(lck, request_time, req);
1876 return NT_STATUS_SHARING_VIOLATION;
1880 if (!NT_STATUS_IS_OK(status)) {
1881 struct deferred_open_record state;
1885 state.delayed_for_oplocks = False;
1888 /* Do it all over again immediately. In the second
1889 * round we will find that the file existed and handle
1890 * the DELETE_PENDING and FCB cases correctly. No need
1891 * to duplicate the code here. Essentially this is a
1892 * "goto top of this function", but don't tell
1896 defer_open(lck, request_time, timeval_zero(),
1904 * We exit this block with the share entry *locked*.....
1909 SMB_ASSERT(lck != NULL);
1911 /* note that we ignore failure for the following. It is
1912 basically a hack for NFS, and NFS will never set one of
1913 these only read them. Nobody but Samba can ever set a deny
1914 mode and we have already checked our more authoritative
1915 locking database for permission to set this deny mode. If
1916 the kernel refuses the operations then the kernel is wrong.
1917 note that GPFS supports it as well - jmcd */
1919 if (fsp->fh->fd != -1) {
1920 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1921 if(ret_flock == -1 ){
1926 return NT_STATUS_SHARING_VIOLATION;
1931 * At this point onwards, we can guarentee that the share entry
1932 * is locked, whether we created the file or not, and that the
1933 * deny mode is compatible with all current opens.
1937 * If requested, truncate the file.
1940 if (flags2&O_TRUNC) {
1942 * We are modifing the file after open - update the stat
1945 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1946 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1947 status = map_nt_error_from_unix(errno);
1954 /* Record the options we were opened with. */
1955 fsp->share_access = share_access;
1956 fsp->fh->private_options = create_options;
1958 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1960 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1963 /* stat opens on existing files don't get oplocks. */
1964 if (is_stat_open(open_access_mask)) {
1965 fsp->oplock_type = NO_OPLOCK;
1968 if (!(flags2 & O_TRUNC)) {
1969 info = FILE_WAS_OPENED;
1971 info = FILE_WAS_OVERWRITTEN;
1974 info = FILE_WAS_CREATED;
1982 * Setup the oplock info in both the shared memory and
1986 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1987 /* Could not get the kernel oplock */
1988 fsp->oplock_type = NO_OPLOCK;
1991 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1992 new_file_created = True;
1995 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
1998 /* Handle strange delete on close create semantics. */
1999 if (create_options & FILE_DELETE_ON_CLOSE) {
2001 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2003 if (!NT_STATUS_IS_OK(status)) {
2004 /* Remember to delete the mode we just added. */
2005 del_share_mode(lck, fsp);
2010 /* Note that here we set the *inital* delete on close flag,
2011 not the regular one. The magic gets handled in close. */
2012 fsp->initial_delete_on_close = True;
2015 if (new_file_created) {
2016 /* Files should be initially set as archive */
2017 if (lp_map_archive(SNUM(conn)) ||
2018 lp_store_dos_attributes(SNUM(conn))) {
2020 SMB_STRUCT_STAT tmp_sbuf;
2021 SET_STAT_INVALID(tmp_sbuf);
2022 if (file_set_dosmode(
2024 new_dos_attributes | aARCH,
2025 &tmp_sbuf, parent_dir,
2027 unx_mode = tmp_sbuf.st_mode;
2034 * Take care of inherited ACLs on created files - if default ACL not
2038 if (!posix_open && !file_existed && !def_acl) {
2040 int saved_errno = errno; /* We might get ENOSYS in the next
2043 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2045 errno = saved_errno; /* Ignore ENOSYS */
2048 } else if (new_unx_mode) {
2052 /* Attributes need changing. File already existed. */
2055 int saved_errno = errno; /* We might get ENOSYS in the
2057 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2059 if (ret == -1 && errno == ENOSYS) {
2060 errno = saved_errno; /* Ignore ENOSYS */
2062 DEBUG(5, ("open_file_ntcreate: reset "
2063 "attributes of file %s to 0%o\n",
2064 fname, (unsigned int)new_unx_mode));
2065 ret = 0; /* Don't do the fchmod below. */
2070 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2071 DEBUG(5, ("open_file_ntcreate: failed to reset "
2072 "attributes of file %s to 0%o\n",
2073 fname, (unsigned int)new_unx_mode));
2076 /* If this is a successful open, we must remove any deferred open
2079 del_deferred_open_entry(lck, req->mid);
2083 return NT_STATUS_OK;
2086 /****************************************************************************
2087 Open a file with a share mode.
2088 ****************************************************************************/
2090 NTSTATUS open_file_ntcreate(connection_struct *conn,
2091 struct smb_request *req,
2093 SMB_STRUCT_STAT *psbuf,
2094 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2095 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2096 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2097 uint32 create_options, /* options such as delete on close. */
2098 uint32 new_dos_attributes, /* attributes used for new file. */
2099 int oplock_request, /* internal Samba oplock codes. */
2100 /* Information (FILE_EXISTS etc.) */
2102 files_struct **result)
2105 files_struct *fsp = NULL;
2109 status = file_new(conn, &fsp);
2110 if(!NT_STATUS_IS_OK(status)) {
2114 status = open_file_ntcreate_internal(conn,
2127 if(!NT_STATUS_IS_OK(status)) {
2136 /****************************************************************************
2137 Open a file for for write to ensure that we can fchmod it.
2138 ****************************************************************************/
2140 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
2141 SMB_STRUCT_STAT *psbuf, files_struct **result)
2143 files_struct *fsp = NULL;
2146 if (!VALID_STAT(*psbuf)) {
2147 return NT_STATUS_INVALID_PARAMETER;
2150 status = file_new(conn, &fsp);
2151 if(!NT_STATUS_IS_OK(status)) {
2155 /* note! we must use a non-zero desired access or we don't get
2156 a real file descriptor. Oh what a twisted web we weave. */
2157 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2158 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2161 * This is not a user visible file open.
2162 * Don't set a share mode.
2165 if (!NT_STATUS_IS_OK(status)) {
2171 return NT_STATUS_OK;
2174 /****************************************************************************
2175 Close the fchmod file fd - ensure no locks are lost.
2176 ****************************************************************************/
2178 NTSTATUS close_file_fchmod(files_struct *fsp)
2180 NTSTATUS status = fd_close(fsp);
2185 static NTSTATUS mkdir_internal(connection_struct *conn,
2187 uint32 file_attributes,
2188 SMB_STRUCT_STAT *psbuf)
2192 const char *dirname;
2194 bool posix_open = false;
2196 if(!CAN_WRITE(conn)) {
2197 DEBUG(5,("mkdir_internal: failing create on read-only share "
2198 "%s\n", lp_servicename(SNUM(conn))));
2199 return NT_STATUS_ACCESS_DENIED;
2202 status = check_name(conn, name);
2203 if (!NT_STATUS_IS_OK(status)) {
2207 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2209 return NT_STATUS_NO_MEMORY;
2212 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2214 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2216 mode = unix_mode(conn, aDIR, name, parent_dir);
2219 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2220 return map_nt_error_from_unix(errno);
2223 /* Ensure we're checking for a symlink here.... */
2224 /* We don't want to get caught by a symlink racer. */
2226 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2227 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2228 name, strerror(errno)));
2229 return map_nt_error_from_unix(errno);
2232 if (!S_ISDIR(psbuf->st_mode)) {
2233 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2235 return NT_STATUS_ACCESS_DENIED;
2238 if (lp_store_dos_attributes(SNUM(conn))) {
2240 file_set_dosmode(conn, name,
2241 file_attributes | aDIR, NULL,
2247 if (lp_inherit_perms(SNUM(conn))) {
2248 inherit_access_posix_acl(conn, parent_dir, name, mode);
2251 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2253 * Check if high bits should have been set,
2254 * then (if bits are missing): add them.
2255 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2258 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2259 SMB_VFS_CHMOD(conn, name,
2260 psbuf->st_mode | (mode & ~psbuf->st_mode));
2264 /* Change the owner if required. */
2265 if (lp_inherit_owner(SNUM(conn))) {
2266 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2269 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2272 return NT_STATUS_OK;
2275 /****************************************************************************
2276 Open a directory from an NT SMB call.
2277 ****************************************************************************/
2279 NTSTATUS open_directory(connection_struct *conn,
2280 struct smb_request *req,
2282 SMB_STRUCT_STAT *psbuf,
2284 uint32 share_access,
2285 uint32 create_disposition,
2286 uint32 create_options,
2287 uint32 file_attributes,
2289 files_struct **result)
2291 files_struct *fsp = NULL;
2292 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2293 struct share_mode_lock *lck = NULL;
2295 struct timespec mtimespec;
2298 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2299 "share_access = 0x%x create_options = 0x%x, "
2300 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2302 (unsigned int)access_mask,
2303 (unsigned int)share_access,
2304 (unsigned int)create_options,
2305 (unsigned int)create_disposition,
2306 (unsigned int)file_attributes));
2308 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2309 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2310 is_ntfs_stream_name(fname)) {
2311 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2312 return NT_STATUS_NOT_A_DIRECTORY;
2315 status = calculate_access_mask(conn, fname, dir_existed,
2318 if (!NT_STATUS_IS_OK(status)) {
2319 DEBUG(10, ("open_directory: calculate_access_mask "
2320 "on file %s returned %s\n",
2322 nt_errstr(status)));
2326 switch( create_disposition ) {
2329 info = FILE_WAS_OPENED;
2332 * We want to follow symlinks here.
2335 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2336 return map_nt_error_from_unix(errno);
2343 /* If directory exists error. If directory doesn't
2346 status = mkdir_internal(conn,
2351 if (!NT_STATUS_IS_OK(status)) {
2352 DEBUG(2, ("open_directory: unable to create "
2353 "%s. Error was %s\n", fname,
2354 nt_errstr(status)));
2358 info = FILE_WAS_CREATED;
2363 * If directory exists open. If directory doesn't
2367 status = mkdir_internal(conn,
2372 if (NT_STATUS_IS_OK(status)) {
2373 info = FILE_WAS_CREATED;
2376 if (NT_STATUS_EQUAL(status,
2377 NT_STATUS_OBJECT_NAME_COLLISION)) {
2378 info = FILE_WAS_OPENED;
2379 status = NT_STATUS_OK;
2384 case FILE_SUPERSEDE:
2385 case FILE_OVERWRITE:
2386 case FILE_OVERWRITE_IF:
2388 DEBUG(5,("open_directory: invalid create_disposition "
2389 "0x%x for directory %s\n",
2390 (unsigned int)create_disposition, fname));
2391 return NT_STATUS_INVALID_PARAMETER;
2394 if(!S_ISDIR(psbuf->st_mode)) {
2395 DEBUG(5,("open_directory: %s is not a directory !\n",
2397 return NT_STATUS_NOT_A_DIRECTORY;
2400 if (info == FILE_WAS_OPENED) {
2401 status = check_open_rights(conn,
2404 if (!NT_STATUS_IS_OK(status)) {
2405 DEBUG(10, ("open_directory: check_open_rights on "
2406 "file %s failed with %s\n",
2408 nt_errstr(status)));
2413 status = file_new(conn, &fsp);
2414 if(!NT_STATUS_IS_OK(status)) {
2419 * Setup the files_struct for it.
2422 fsp->mode = psbuf->st_mode;
2423 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2424 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2425 fsp->file_pid = req ? req->smbpid : 0;
2426 fsp->can_lock = False;
2427 fsp->can_read = False;
2428 fsp->can_write = False;
2430 fsp->share_access = share_access;
2431 fsp->fh->private_options = create_options;
2433 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2435 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2436 fsp->print_file = False;
2437 fsp->modified = False;
2438 fsp->oplock_type = NO_OPLOCK;
2439 fsp->sent_oplock_break = NO_BREAK_SENT;
2440 fsp->is_directory = True;
2441 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2443 string_set(&fsp->fsp_name,fname);
2445 mtimespec = get_mtimespec(psbuf);
2447 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2452 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2454 return NT_STATUS_SHARING_VIOLATION;
2457 status = open_mode_check(conn, fname, lck,
2458 access_mask, share_access,
2459 create_options, &dir_existed);
2461 if (!NT_STATUS_IS_OK(status)) {
2467 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2469 /* For directories the delete on close bit at open time seems
2470 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2471 if (create_options & FILE_DELETE_ON_CLOSE) {
2472 status = can_set_delete_on_close(fsp, True, 0);
2473 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2479 if (NT_STATUS_IS_OK(status)) {
2480 /* Note that here we set the *inital* delete on close flag,
2481 not the regular one. The magic gets handled in close. */
2482 fsp->initial_delete_on_close = True;
2493 return NT_STATUS_OK;
2496 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2499 SMB_STRUCT_STAT sbuf;
2502 SET_STAT_INVALID(sbuf);
2504 status = open_directory(conn, req, directory, &sbuf,
2505 FILE_READ_ATTRIBUTES, /* Just a stat open */
2506 FILE_SHARE_NONE, /* Ignored for stat opens */
2509 FILE_ATTRIBUTE_DIRECTORY,
2513 if (NT_STATUS_IS_OK(status)) {
2514 close_file(fsp, NORMAL_CLOSE);
2520 /****************************************************************************
2521 Receive notification that one of our open files has been renamed by another
2523 ****************************************************************************/
2525 void msg_file_was_renamed(struct messaging_context *msg,
2528 struct server_id server_id,
2532 char *frm = (char *)data->data;
2534 const char *sharepath;
2535 const char *newname;
2538 if (data->data == NULL
2539 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2540 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2541 (int)data->length));
2545 /* Unpack the message. */
2546 pull_file_id_16(frm, &id);
2547 sharepath = &frm[16];
2548 newname = sharepath + strlen(sharepath) + 1;
2549 sp_len = strlen(sharepath);
2551 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2553 sharepath, newname, file_id_string_tos(&id)));
2555 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2556 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2557 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2558 fsp->fnum, fsp->fsp_name, newname ));
2559 string_set(&fsp->fsp_name, newname);
2562 /* Now we have the complete path we can work out if this is
2563 actually within this share and adjust newname accordingly. */
2564 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2565 "not sharepath %s) "
2566 "fnum %d from %s -> %s\n",
2567 fsp->conn->connectpath,
2576 struct case_semantics_state {
2577 connection_struct *conn;
2578 bool case_sensitive;
2580 bool short_case_preserve;
2583 /****************************************************************************
2584 Restore case semantics.
2585 ****************************************************************************/
2586 static int restore_case_semantics(struct case_semantics_state *state)
2588 state->conn->case_sensitive = state->case_sensitive;
2589 state->conn->case_preserve = state->case_preserve;
2590 state->conn->short_case_preserve = state->short_case_preserve;
2594 /****************************************************************************
2595 Save case semantics.
2596 ****************************************************************************/
2597 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2598 connection_struct *conn)
2600 struct case_semantics_state *result;
2602 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2603 DEBUG(0, ("talloc failed\n"));
2607 result->conn = conn;
2608 result->case_sensitive = conn->case_sensitive;
2609 result->case_preserve = conn->case_preserve;
2610 result->short_case_preserve = conn->short_case_preserve;
2613 conn->case_sensitive = True;
2614 conn->case_preserve = True;
2615 conn->short_case_preserve = True;
2617 talloc_set_destructor(result, restore_case_semantics);
2623 * If a main file is opened for delete, all streams need to be checked for
2624 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2625 * If that works, delete them all by setting the delete on close and close.
2628 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2631 struct stream_struct *stream_info;
2632 files_struct **streams;
2634 unsigned int num_streams;
2635 TALLOC_CTX *frame = talloc_stackframe();
2638 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2639 &num_streams, &stream_info);
2641 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2642 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2643 DEBUG(10, ("no streams around\n"));
2645 return NT_STATUS_OK;
2648 if (!NT_STATUS_IS_OK(status)) {
2649 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2650 nt_errstr(status)));
2654 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2657 if (num_streams == 0) {
2659 return NT_STATUS_OK;
2662 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2663 if (streams == NULL) {
2664 DEBUG(0, ("talloc failed\n"));
2665 status = NT_STATUS_NO_MEMORY;
2669 for (i=0; i<num_streams; i++) {
2672 if (strequal(stream_info[i].name, "::$DATA")) {
2677 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2678 stream_info[i].name);
2680 if (streamname == NULL) {
2681 DEBUG(0, ("talloc_aprintf failed\n"));
2682 status = NT_STATUS_NO_MEMORY;
2686 status = create_file_unixpath
2689 streamname, /* fname */
2690 DELETE_ACCESS, /* access_mask */
2691 FILE_SHARE_READ | FILE_SHARE_WRITE
2692 | FILE_SHARE_DELETE, /* share_access */
2693 FILE_OPEN, /* create_disposition*/
2694 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2695 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2696 0, /* oplock_request */
2697 0, /* allocation_size */
2700 &streams[i], /* result */
2704 TALLOC_FREE(streamname);
2706 if (!NT_STATUS_IS_OK(status)) {
2707 DEBUG(10, ("Could not open stream %s: %s\n",
2708 streamname, nt_errstr(status)));
2714 * don't touch the variable "status" beyond this point :-)
2717 for (i -= 1 ; i >= 0; i--) {
2718 if (streams[i] == NULL) {
2722 DEBUG(10, ("Closing stream # %d, %s\n", i,
2723 streams[i]->fsp_name));
2724 close_file(streams[i], NORMAL_CLOSE);
2733 * Wrapper around open_file_ntcreate and open_directory
2736 NTSTATUS create_file_unixpath(connection_struct *conn,
2737 struct smb_request *req,
2739 uint32_t access_mask,
2740 uint32_t share_access,
2741 uint32_t create_disposition,
2742 uint32_t create_options,
2743 uint32_t file_attributes,
2744 uint32_t oplock_request,
2745 SMB_BIG_UINT allocation_size,
2746 struct security_descriptor *sd,
2747 struct ea_list *ea_list,
2749 files_struct **result,
2751 SMB_STRUCT_STAT *psbuf)
2753 SMB_STRUCT_STAT sbuf;
2754 int info = FILE_WAS_OPENED;
2755 files_struct *base_fsp = NULL;
2756 files_struct *fsp = NULL;
2759 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2760 "file_attributes = 0x%x, share_access = 0x%x, "
2761 "create_disposition = 0x%x create_options = 0x%x "
2762 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2764 (unsigned int)access_mask,
2765 (unsigned int)file_attributes,
2766 (unsigned int)share_access,
2767 (unsigned int)create_disposition,
2768 (unsigned int)create_options,
2769 (unsigned int)oplock_request,
2770 ea_list, sd, fname));
2772 if (create_options & FILE_OPEN_BY_FILE_ID) {
2773 status = NT_STATUS_NOT_SUPPORTED;
2777 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2778 status = NT_STATUS_INVALID_PARAMETER;
2783 oplock_request |= INTERNAL_OPEN_ONLY;
2786 if (psbuf != NULL) {
2790 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2791 SET_STAT_INVALID(sbuf);
2795 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2796 && (access_mask & DELETE_ACCESS)
2797 && !is_ntfs_stream_name(fname)) {
2799 * We can't open a file with DELETE access if any of the
2800 * streams is open without FILE_SHARE_DELETE
2802 status = open_streams_for_delete(conn, fname);
2804 if (!NT_STATUS_IS_OK(status)) {
2809 /* This is the correct thing to do (check every time) but can_delete
2810 * is expensive (it may have to read the parent directory
2811 * permissions). So for now we're not doing it unless we have a strong
2812 * hint the client is really going to delete this file. If the client
2813 * is forcing FILE_CREATE let the filesystem take care of the
2816 /* Setting FILE_SHARE_DELETE is the hint. */
2818 if (lp_acl_check_permissions(SNUM(conn))
2819 && (create_disposition != FILE_CREATE)
2820 && (share_access & FILE_SHARE_DELETE)
2821 && (access_mask & DELETE_ACCESS)
2822 && (!can_delete_file_in_directory(conn, fname))) {
2823 status = NT_STATUS_ACCESS_DENIED;
2828 /* We need to support SeSecurityPrivilege for this. */
2829 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2830 !user_has_privileges(current_user.nt_user_token,
2832 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2837 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2838 && is_ntfs_stream_name(fname)
2839 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2841 uint32 base_create_disposition;
2843 if (create_options & FILE_DIRECTORY_FILE) {
2844 status = NT_STATUS_NOT_A_DIRECTORY;
2848 status = split_ntfs_stream_name(talloc_tos(), fname,
2850 if (!NT_STATUS_IS_OK(status)) {
2851 DEBUG(10, ("create_file_unixpath: "
2852 "split_ntfs_stream_name failed: %s\n",
2853 nt_errstr(status)));
2857 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2859 switch (create_disposition) {
2861 base_create_disposition = FILE_OPEN;
2864 base_create_disposition = FILE_OPEN_IF;
2868 status = create_file_unixpath(conn, NULL, base, 0,
2871 | FILE_SHARE_DELETE,
2872 base_create_disposition,
2873 0, 0, 0, 0, NULL, NULL,
2874 &base_fsp, NULL, NULL);
2875 if (!NT_STATUS_IS_OK(status)) {
2876 DEBUG(10, ("create_file_unixpath for base %s failed: "
2877 "%s\n", base, nt_errstr(status)));
2880 /* we don't need to low level fd */
2885 * If it's a request for a directory open, deal with it separately.
2888 if (create_options & FILE_DIRECTORY_FILE) {
2890 if (create_options & FILE_NON_DIRECTORY_FILE) {
2891 status = NT_STATUS_INVALID_PARAMETER;
2895 /* Can't open a temp directory. IFS kit test. */
2896 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2897 status = NT_STATUS_INVALID_PARAMETER;
2902 * We will get a create directory here if the Win32
2903 * app specified a security descriptor in the
2904 * CreateDirectory() call.
2908 status = open_directory(
2909 conn, req, fname, &sbuf, access_mask, share_access,
2910 create_disposition, create_options, file_attributes,
2915 * Ordinary file case.
2920 * We're opening the stream element of a base_fsp
2921 * we already opened. We need to initialize
2922 * the fsp first, and set up the base_fsp pointer.
2924 status = file_new(conn, &fsp);
2925 if(!NT_STATUS_IS_OK(status)) {
2929 fsp->base_fsp = base_fsp;
2931 status = open_file_ntcreate_internal(conn,
2944 if(!NT_STATUS_IS_OK(status)) {
2949 status = open_file_ntcreate(
2950 conn, req, fname, &sbuf, access_mask, share_access,
2951 create_disposition, create_options, file_attributes,
2952 oplock_request, &info, &fsp);
2955 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2957 /* A stream open never opens a directory */
2960 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2965 * Fail the open if it was explicitly a non-directory
2969 if (create_options & FILE_NON_DIRECTORY_FILE) {
2970 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2975 status = open_directory(
2976 conn, req, fname, &sbuf, access_mask,
2977 share_access, create_disposition,
2978 create_options, file_attributes,
2983 if (!NT_STATUS_IS_OK(status)) {
2987 fsp->base_fsp = base_fsp;
2990 * According to the MS documentation, the only time the security
2991 * descriptor is applied to the opened file is iff we *created* the
2992 * file; an existing file stays the same.
2994 * Also, it seems (from observation) that you can open the file with
2995 * any access mask but you can still write the sd. We need to override
2996 * the granted access before we call set_sd
2997 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3000 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3001 && lp_nt_acl_support(SNUM(conn))) {
3003 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
3004 uint32_t saved_access_mask = fsp->access_mask;
3006 if (sd->owner_sid == NULL) {
3007 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
3009 if (sd->group_sid == NULL) {
3010 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
3012 if (sd->sacl == NULL) {
3013 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
3015 if (sd->dacl == NULL) {
3016 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
3019 fsp->access_mask = FILE_GENERIC_ALL;
3021 /* Convert all the generic bits. */
3022 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3023 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3025 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3026 GROUP_SECURITY_INFORMATION|
3027 DACL_SECURITY_INFORMATION|
3028 SACL_SECURITY_INFORMATION)) {
3029 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3032 fsp->access_mask = saved_access_mask;
3034 if (!NT_STATUS_IS_OK(status)) {
3039 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3040 status = set_ea(conn, fsp, fname, ea_list);
3041 if (!NT_STATUS_IS_OK(status)) {
3046 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3047 status = NT_STATUS_ACCESS_DENIED;
3051 /* Save the requested allocation size. */
3052 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3054 && (allocation_size > sbuf.st_size)) {
3055 fsp->initial_allocation_size = smb_roundup(
3056 fsp->conn, allocation_size);
3057 if (fsp->is_directory) {
3058 /* Can't set allocation size on a directory. */
3059 status = NT_STATUS_ACCESS_DENIED;
3062 if (vfs_allocate_file_space(
3063 fsp, fsp->initial_allocation_size) == -1) {
3064 status = NT_STATUS_DISK_FULL;
3068 fsp->initial_allocation_size = smb_roundup(
3069 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
3073 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3076 if (pinfo != NULL) {
3079 if (psbuf != NULL) {
3080 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3084 SMB_VFS_FSTAT(fsp, psbuf);
3087 return NT_STATUS_OK;
3090 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3093 if (base_fsp && fsp->base_fsp == base_fsp) {
3095 * The close_file below will close
3100 close_file(fsp, ERROR_CLOSE);
3103 if (base_fsp != NULL) {
3104 close_file(base_fsp, ERROR_CLOSE);
3110 NTSTATUS create_file(connection_struct *conn,
3111 struct smb_request *req,
3112 uint16_t root_dir_fid,
3114 uint32_t access_mask,
3115 uint32_t share_access,
3116 uint32_t create_disposition,
3117 uint32_t create_options,
3118 uint32_t file_attributes,
3119 uint32_t oplock_request,
3120 SMB_BIG_UINT allocation_size,
3121 struct security_descriptor *sd,
3122 struct ea_list *ea_list,
3124 files_struct **result,
3126 SMB_STRUCT_STAT *psbuf)
3128 struct case_semantics_state *case_state = NULL;
3129 SMB_STRUCT_STAT sbuf;
3130 int info = FILE_WAS_OPENED;
3131 files_struct *fsp = NULL;
3134 DEBUG(10,("create_file: access_mask = 0x%x "
3135 "file_attributes = 0x%x, share_access = 0x%x, "
3136 "create_disposition = 0x%x create_options = 0x%x "
3137 "oplock_request = 0x%x "
3138 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3140 (unsigned int)access_mask,
3141 (unsigned int)file_attributes,
3142 (unsigned int)share_access,
3143 (unsigned int)create_disposition,
3144 (unsigned int)create_options,
3145 (unsigned int)oplock_request,
3146 (unsigned int)root_dir_fid,
3147 ea_list, sd, fname));
3150 * Get the file name.
3153 if (root_dir_fid != 0) {
3155 * This filename is relative to a directory fid.
3157 char *parent_fname = NULL;
3158 files_struct *dir_fsp = file_fsp(root_dir_fid);
3160 if (dir_fsp == NULL) {
3161 status = NT_STATUS_INVALID_HANDLE;
3165 if (!dir_fsp->is_directory) {
3168 * Check to see if this is a mac fork of some kind.
3171 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3172 is_ntfs_stream_name(fname)) {
3173 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3178 we need to handle the case when we get a
3179 relative open relative to a file and the
3180 pathname is blank - this is a reopen!
3181 (hint from demyn plantenberg)
3184 status = NT_STATUS_INVALID_HANDLE;
3188 if (ISDOT(dir_fsp->fsp_name)) {
3190 * We're at the toplevel dir, the final file name
3191 * must not contain ./, as this is filtered out
3192 * normally by srvstr_get_path and unix_convert
3193 * explicitly rejects paths containing ./.
3195 parent_fname = talloc_strdup(talloc_tos(), "");
3196 if (parent_fname == NULL) {
3197 status = NT_STATUS_NO_MEMORY;
3201 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3204 * Copy in the base directory name.
3207 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3209 if (parent_fname == NULL) {
3210 status = NT_STATUS_NO_MEMORY;
3213 memcpy(parent_fname, dir_fsp->fsp_name,
3217 * Ensure it ends in a '/'.
3218 * We used TALLOC_SIZE +2 to add space for the '/'.
3222 && (parent_fname[dir_name_len-1] != '\\')
3223 && (parent_fname[dir_name_len-1] != '/')) {
3224 parent_fname[dir_name_len] = '/';
3225 parent_fname[dir_name_len+1] = '\0';
3229 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3231 if (fname == NULL) {
3232 status = NT_STATUS_NO_MEMORY;
3238 * Check to see if this is a mac fork of some kind.
3241 if (is_ntfs_stream_name(fname)) {
3242 enum FAKE_FILE_TYPE fake_file_type;
3244 fake_file_type = is_fake_file(fname);
3246 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3249 * Here we go! support for changing the disk quotas
3252 * We need to fake up to open this MAGIC QUOTA file
3253 * and return a valid FID.
3255 * w2k close this file directly after openening xp
3256 * also tries a QUERY_FILE_INFO on the file and then
3259 status = open_fake_file(conn, req->vuid,
3260 fake_file_type, fname,
3262 if (!NT_STATUS_IS_OK(status)) {
3270 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3271 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3276 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3277 char *resolved_fname;
3279 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3282 if (!NT_STATUS_IS_OK(status)) {
3284 * For PATH_NOT_COVERED we had
3285 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3286 * ERRSRV, ERRbadpath);
3287 * Need to fix in callers
3291 fname = resolved_fname;
3295 * Check if POSIX semantics are wanted.
3298 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3299 case_state = set_posix_case_semantics(talloc_tos(), conn);
3300 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3304 char *converted_fname;
3306 SET_STAT_INVALID(sbuf);
3308 status = unix_convert(talloc_tos(), conn, fname, False,
3309 &converted_fname, NULL, &sbuf);
3310 if (!NT_STATUS_IS_OK(status)) {
3313 fname = converted_fname;
3316 TALLOC_FREE(case_state);
3318 /* All file access must go through check_name() */
3320 status = check_name(conn, fname);
3321 if (!NT_STATUS_IS_OK(status)) {
3325 status = create_file_unixpath(
3326 conn, req, fname, access_mask, share_access,
3327 create_disposition, create_options, file_attributes,
3328 oplock_request, allocation_size, sd, ea_list,
3329 &fsp, &info, &sbuf);
3331 if (!NT_STATUS_IS_OK(status)) {
3336 DEBUG(10, ("create_file: info=%d\n", info));
3339 if (pinfo != NULL) {
3342 if (psbuf != NULL) {
3345 return NT_STATUS_OK;
3348 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3351 close_file(fsp, ERROR_CLOSE);
git.samba.org / samba.git / blob